(1) Field of the Invention
The present invention relates to a one-to-one peer-to-peer communication apparatus and, more particularly, to a peer-to-peer communication apparatus and method to which optimum communication security rules in accordance with a communication peer and a security environment in the network of an apparatus used by the communication peer are applicable.
(2) Description of the Related Art
In a peer-to-peer communication system such as Internet telephony using VoIP (Voice over IP), packets are encrypted and authenticated to prevent eavesdropping on, or falsification of, the contents of communication by an outsider. The encryption and authentication of packets is performed in accordance with a “security policy”, which is a sequence of rules specifying how each packet is to be encrypted and authenticated. A database storing such security policies is termed a security policy database and is normally stored in a device termed a policy server.
The IETF (Internet Engineering Task Force), an organization for standardizing Internet technologies, has defined IPsec (IP security) as a set of protocols for ensuring security (prevention of eavesdropping on, or falsification of, the contents of communication by an outsider) at the IP (Internet Protocol) packet level in the Internet (Non-Patent Document 1: IETF RFC 2401, Nov. 25, 1998, pp. 14-17).
According to the foregoing protocols, a security policy to be applied to peer-to-peer communication of concern is selected by using information on the respective IP addresses and port numbers of a source and a destination, the types of higher-layer protocols such as TCP (Transmission Control Protocol) and UDP (User Datagram Protocol), and the direction of communication indicative of whether a target packet to which the security policy is to be applied is a received packet or a packet to be transmitted. By using security requirements described in the selected security policy, it is judged whether or not, e.g., a received packet should be discarded, the encryption (decryption) or authentication of packets to be transmitted (received packet) should be performed, the encryption or authentication is mandatory or performed only when it is possible, or the like. Specifically, a transmitter apparatus having an IPsec function retrieves, in the security policy database, the security policy corresponding to the source address and the destination address to be attached to a packet to be transmitted, performs encryption and authentication processes satisfying the security requirements described in the security policy with respect to the packet to be transmitted, and then transmits the packet to a communication peer.
Likewise, a receiver apparatus having the IPsec function retrieves, in the security policy database, the security policy corresponding to the source address and the destination address attached to the received packet and examines whether or not the encryption and authentication processes satisfying the security requirements described in the security policy have been performed with respect to the received packet. A received packet that does not satisfy the security requirements is discarded without being passed to a higher layer.
A technology for ensuring communication security by using IPsec in a VPN (Virtual Private Network), which establishes a virtual dedicated line between two communication nodes on the Internet, is disclosed in, e.g., Takayuki Ishii et al., “Implementation of Transparent and Dynamic VPN Mechanism” (Non-Patent Document 2: Quarterly IPv6 Magazine, Impress Corporation, Aug. 18, 2002, Summer 2002 No. 2, pp. 74-75). In the conventional technology disclosed in Non-Patent Document 2, each communication apparatus acquires the security policy information to be used in peer-to-peer communication from an IPsec communication management server provided on a network, and detailed information such as the encryption key used for encryption is settled through negotiation between the individual communication apparatuses.
However, the peer-to-peer communication using IPsec disclosed in Non-Patent Document 1 has the problem that, if the security requirements described in the security policy applied to the packet to be transmitted at the transmitter apparatus do not satisfy the security requirements registered at the receiver apparatus, the packet transmitted from the transmitter apparatus is discarded after being received by the receiver apparatus.
On the other hand, from the viewpoint of the user of each communication apparatus, the IPsec communication management server disclosed in Non-Patent Document 2 is a server belonging to an external organization which centrally manages the communication security policies on the network. Accordingly, the IPsec communication management server cannot change the security policy in response to the needs of each communication apparatus and cannot provide a flexible security function which allows the user to freely select a security policy depending on the communication situation.
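The selector-based policy lookup and the receiver-side discard described above can be sketched as follows. This is an added illustration, not part of the original document: the `Policy` fields, the function names, the addresses and the rule that an unmatched packet is discarded are all constructed assumptions, and no real encryption is performed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Policy:                      # one simplified security policy entry (hypothetical)
    direction: str                 # "out" or "in"
    src: str                       # source selector, CIDR
    dst: str                       # destination selector, CIDR
    proto: str                     # "tcp", "udp" or "any"
    dport: Optional[int]           # destination port, None = any
    action: str                    # "protect", "bypass" or "discard"
    encrypt: bool = False          # requirements when action == "protect"
    authenticate: bool = False

def lookup(spd, direction, pkt):
    """Return the first entry whose selectors match the packet, else None."""
    for p in spd:
        if (p.direction == direction
                and ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(p.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(p.dst)
                and p.proto in ("any", pkt["proto"])
                and p.dport in (None, pkt["dport"])):
            return p
    return None

def send(spd, pkt):
    """Apply the outbound policy; return the packet as sent, or None if dropped."""
    p = lookup(spd, "out", pkt)
    if p is None or p.action == "discard":   # assumption: no match means drop
        return None
    if p.action == "bypass":
        return dict(pkt, encrypted=False, authenticated=False)
    return dict(pkt, encrypted=p.encrypt, authenticated=p.authenticate)

def receive(spd, pkt):
    """Check the inbound policy; packets below its requirements are discarded."""
    p = lookup(spd, "in", pkt)
    if p is None or p.action == "discard":
        return "discard"
    if p.action == "protect" and ((p.encrypt and not pkt["encrypted"])
                                  or (p.authenticate and not pkt["authenticated"])):
        return "discard"
    return "deliver"

# Constructed sample: one VoIP signalling packet and three policy databases.
PKT = {"src": "192.0.2.10", "dst": "198.51.100.20", "proto": "udp", "dport": 5060}
SENDER_AUTH_ONLY = [Policy("out", "192.0.2.10/32", "198.51.100.0/24", "udp", 5060, "protect", authenticate=True)]
SENDER_FULL = [Policy("out", "192.0.2.10/32", "198.51.100.0/24", "udp", 5060, "protect", True, True)]
RECEIVER = [Policy("in", "192.0.2.0/24", "198.51.100.20/32", "udp", 5060, "protect", True, True)]

if __name__ == "__main__":
    print(receive(RECEIVER, send(SENDER_AUTH_ONLY, PKT)))  # sender policy weaker than receiver's
    print(receive(RECEIVER, send(SENDER_FULL, PKT)))       # both policies agree
```

The first call reproduces the problem stated for Non-Patent Document 1: the sender applies authentication only, the receiver requires encryption as well, and the packet is dropped on arrival without the sender learning why.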